General
-
Target
bRdP.exe
-
Size
23KB
-
Sample
231101-bhqgxagd6z
-
MD5
a3352857ad5be8542c961e979f99c206
-
SHA1
da7432c7c6e845e7527b1afc1bf3eff059ec5fb5
-
SHA256
88e3771d0df5183c6e49438db031e378b1d85be315f6f477617a1ca698944ada
-
SHA512
a8296458ac687599827a2e99cb2b251dcacd175d9d2fe6823865d9ca3c9160cd93420fa9ced8e97aa79e44b9aa14a935bb1c482937ac7c123e0c738cedbaf9dc
-
SSDEEP
384:v+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZyE:Im+71d5XRpcnuo
Behavioral task
behavioral1
Sample
bRdP.exe
Resource
win7-20231020-en
Malware Config
Extracted
njrat
0.7d
Lammer
0.tcp.sa.ngrok.io:11608
2f80826e57fc9ce2ed2b587829b0f2de
-
reg_key
2f80826e57fc9ce2ed2b587829b0f2de
-
splitter
|'|'|
Targets
-
-
Target
bRdP.exe
-
Modifies Windows Firewall
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-